Securing Java API for XML processing (JAXP) against malformed input
If your application takes untrusted XML, XSD or XSL files as input, you can enforce specific limits during JAXP processing to protect your application from malformed data. If you specify limits, you must override the default XML parser configuration with a custom configuration.
About this task
To protect your application from malformed data, you can enforce specific limits during JAXP processing. These limits can be set in your jaxp.properties file, or by specifying various system properties on the command line. However, for these limits to take effect you must also override the default XML parser configuration with a custom configuration that allows these secure processing limits.
Note: The IBM XML implementation is deprecated in IBM® SDK, Java™ Technology Edition, Version 8 and will be replaced by the Oracle XML implementation in a future release.
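A way to check that a configured limit is actually enforced, as an added example that is not IBM's own code. It assumes the entity-expansion limit is exposed as the `jdk.xml.entityExpansionLimit` system property, a name this page does not list; the class name `JaxpLimitCheck` and the sample documents are constructed for illustration. If the oversized document is accepted, the limit is not in effect, which is the case the custom parser configuration described above addresses.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXException;

public class JaxpLimitCheck {
    // Assumed property name (not given on this page).
    static final String LIMIT_PROP = "jdk.xml.entityExpansionLimit";

    // Constructed sample: one small internal entity referenced `refs` times.
    static String sample(int refs) {
        StringBuilder sb = new StringBuilder("<!DOCTYPE r [<!ENTITY e \"x\">]><r>");
        for (int i = 0; i < refs; i++) {
            sb.append("&e;");
        }
        return sb.append("</r>").toString();
    }

    // Returns true if the parser accepted the document, false if it rejected it.
    static boolean accepts(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        try {
            builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return true;
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Honour a limit passed with -D or jaxp.properties; otherwise use a low test value.
        if (System.getProperty(LIMIT_PROP) == null) {
            System.setProperty(LIMIT_PROP, "10");
        }
        int limit = Integer.parseInt(System.getProperty(LIMIT_PROP));

        boolean under = accepts(sample(Math.max(1, limit / 2)));
        boolean over = accepts(sample(limit * 2));

        System.out.println("document under the limit accepted: " + under);
        System.out.println("document over the limit accepted:  " + over);
        System.out.println(over ? "limit NOT enforced by this parser configuration"
                                : "limit enforced");
    }
}
```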